Closed karimrut closed 6 months ago
Also, the terraform plan shows tags on all resources except for aws_db_subnet_group.
My bad! We had managed to overwrite this with another resource... Case closed.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
Hi!
We are testing out this module with IAM ABAC. This seems to work quite well, except that when we tried to run terraform destroy it failed on the db-subnet-group:
Error: deleting RDS Subnet Group (example-db-subnet-group): AccessDenied: User: arn:aws: is not authorized to perform: rds:DeleteDBSubnetGroup on resource: arn:aws:rds:xxx:xxx:subgrp:example-db-subnet-group because no identity-based policy allows the rds:DeleteDBSubnetGroup action status code: 403, request id: xxx
Looking closer it seems that the "tags (A map of tags to add to all resources)" does not get attached to this group. The only tag added is "Name".
Versions
Module version [Required]: 8.5.0
Terraform version: v1.2.7
Provider version(s): aws: 5.26.0
Reproduction Code [Required]
Steps to reproduce the behavior:
Set up any Aurora Serverless Postgres instance with a non-existing db-subnet-group.
Yes
Yes - Also used this in multiple different projects/tf states.
Expected behavior
I expect the same tags that are attached to all other resources in this module to also be attached to the db-subnet-group.
Actual behavior
The db-subnet-group does not get the tags as other resources do.
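A pre-apply check for the situation reported in this issue, added here as an example (it is not code from the module or from the issue author): it reads `terraform show -json` plan output and lists taggable resources that will lack the tag keys an ABAC policy conditions on, which is what later turns into an AccessDenied on delete. The tag key `Project`, the resource addresses and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumption: the tag key the ABAC policy conditions on; the issue does not name it.
REQUIRED_TAG_KEYS = {"Project"}

# Constructed sample shaped like `terraform show -json tfplan` output,
# trimmed to the fields read below. Addresses and values are made up.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.aurora.aws_rds_cluster.this[0]", "type": "aws_rds_cluster",
   "change": {"actions": ["create"],
              "after": {"tags": {"Project": "example"},
                        "tags_all": {"Project": "example"}}}},
  {"address": "module.aurora.aws_db_subnet_group.this[0]", "type": "aws_db_subnet_group",
   "change": {"actions": ["create"],
              "after": {"name": "example-db-subnet-group",
                        "tags": {"Name": "example-db-subnet-group"},
                        "tags_all": {"Name": "example-db-subnet-group"}}}},
  {"address": "random_password.master", "type": "random_password",
   "change": {"actions": ["create"], "after": {"length": 16}}}
]}
""")


def missing_abac_tags(plan, required=REQUIRED_TAG_KEYS):
    """Map resource address -> sorted required tag keys absent after apply."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if after is None or change.get("actions") == ["delete"]:
            continue  # resource is going away; nothing to tag
        if "tags" not in after and "tags_all" not in after:
            continue  # resource type exposes no tags (e.g. random_password)
        # tags_all also carries provider default_tags; either map may be null.
        tags = {**(after.get("tags") or {}), **(after.get("tags_all") or {})}
        missing = sorted(set(required) - set(tags))
        if missing:
            findings[rc["address"]] = missing
    return findings


if __name__ == "__main__":
    for address, keys in missing_abac_tags(SAMPLE_PLAN).items():
        print(f"{address}: missing {', '.join(keys)}")
```

Against a real plan, load the output of `terraform show -json <planfile>` with `json.load` and pass it to `missing_abac_tags` in place of the constructed sample.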